A5 Webmaster Network (www.admin5.com), April 9: Yesterday, the most serious security vulnerability so far this year was disclosed in the security protocol OpenSSL. The vulnerability has been named "Heartbleed". By exploiting it, a hacker sitting at a home computer can obtain, in real time, the login account names and passwords of users of about 30% of sites whose addresses begin with https, including a large number of online banking, shopping and e-mail sites.
It is understood that OpenSSL is a security protocol that provides security and data integrity for network communication. As a cryptography-based security development package, it includes cryptographic algorithms, common key and certificate package management functions, and the SSL protocol, and it is currently widely used on important sites such as major online banking, online payment, e-commerce, portal and e-mail sites. The HeartBeat vulnerability can reveal the contents of the server's memory, which contains some of the most sensitive data, such as user names, passwords, credit card numbers and other private data. In addition, an attacker can obtain a copy of the server's digital key in order to impersonate the server or to decrypt users' communication with the server.
The researchers who found the vulnerability pointed out that today's two most popular web servers, Apache and nginx, both use OpenSSL. Together, these two servers account for about 2/3 of all sites worldwide. SSL is also used in other Internet software, such as desktop e-mail clients and chat software. This information security vulnerability is particularly serious. To fix it, sites will be forced to make substantial adjustments; in addition, any user using OpenSSL must change their password, because these passwords may have been stolen. As more and more people rely on online services and reuse the same password across multiple sites, this will cause big problems.
Regarding the OpenSSL vulnerability, Small Clouds founder Square Dayton said in an interview with Sina Technology that OpenSSL is in essence related to the server, and that many sites did not keep up with version upgrades while building their sites, which resulted in the vulnerability. Under normal circumstances, when users visit a site over plain HTTP, the security of their information is not affected by OpenSSL. SSL is mostly used on e-commerce sites and in online banking and online payment, because for pages involving financial security, personal privacy and other sensitive content, the server generally forces the use of HTTPS.
E-commerce companies said to be affected by the vulnerability have stated that they either were not affected or have already fixed it. Ali Security responded that a general vulnerability exists in the underlying protocol of some versions of OpenSSL, that every Ali site began repairs at the first opportunity and the work has been completed, and that its major sites, including Taobao, Tmall and Alipay, are confirmed safe to use. Dangdang said that it has so far not received any information about this vulnerability, and its customer service has not received any complaints,